This is a web based wallet for Nano
The wallet itself is at rai-wallet. If you want to verify how blocks are created, signed and verified, how accounts are generated, etc ... you should look there. With it you can build your own private and homemade RaiBlocks wallet :D
js/custom.js you can find like the "Middleware" between the Wallet and the GUI. It also contains all the queries made to the server to request PoW, info about accounts and transactions, etc ...
The code relies on some NPM libraries for node.js. I've used browserify to use them at the browser.
How is it built into Nanowallet.io
At NanoWallet the server is only used to store the users' wallets (ciphered), to provide information about the network to them, and to generate PoW. When a user signs up, a random identifier is generated to store the user wallet under it, but the wallet is created at the browser (seeds, keys, accounts, transactions, signatures, everything ... ). Once the user is done with the wallet, it is ciphered (AES256) with his password, still at the browser, and then the ciphered wallet is sent to the server to store it. Someone with access to the database wouldn't be able to find users' keys (if passwords are strong enough and haven't been leaked by their owners).
Any kind of help is appreciated :) Suggestions, proposals, fixes, TODO items, issues, testing ... If you want to help there is stuff to do :D
With the purpose of testing the wallet strength I have prepared a wallet with an account containing 2000 XRB as a bounty for the one able to log in to that wallet.
The wallet has been created at raiwallet.com, using the code in this repo. I can give you all the info you need, except the password. Im going to start providing you with the
wallet identifier, the account, the password format (I would prefer you to break it in a way other than bruteforcing it :P but well ...), the ciphered wallet data and... yeah
If you need more info, just ask. If you find a vulnerability and it is worth it I may consider increasing the bounty. So yeah, lets play!
Check Laravel system requirements:
Clone the repo somewhere and cd into it. Then:
composer install composer update npm install --global gulp-cli npm shrinkwrap npm install cp .env-example .env
Then edit the .env file. Basically you need to add the DB settings. Info here. Also, you need a nano node with rpc enabled running on the same machine, or change this to match your requirements.
Also, you might want to configure the rpc callback to have your table with a list of timestamps and block hashes. It all works without it though.
And server side PoW ... it's not included in this repo but the way it works is having something pulling all PoW requests from the PoW table, solving them, and then updating them in the database. When developing, you can still test using client side PoW so ... But yeah.
php artisan migrate php artisan key:generate gulpAnd run it with:
php artisan serve